|
|
|
@ -56,6 +56,7 @@ public class GroupManager {
|
|
|
|
|
@Context ServletContext context;
|
|
|
|
|
|
|
|
|
|
private static final String VREMANAGER_ROLE = "VRE-Manager";
|
|
|
|
|
private static final String INFRASTRUCTURE_MANAGER_ROLE = "Infrastructure-Manager";
|
|
|
|
|
|
|
|
|
|
private static final Logger log = LoggerFactory.getLogger(GroupManager.class);
|
|
|
|
|
|
|
|
|
@ -100,7 +101,7 @@ public class GroupManager {
|
|
|
|
|
@POST
|
|
|
|
|
@Path("")
|
|
|
|
|
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
|
|
|
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
|
|
|
|
@AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class)
|
|
|
|
|
public String createGroup(@FormParam("group") String group, @FormParam("accessType") AccessType accessType){
|
|
|
|
|
|
|
|
|
|
InnerMethodName.instance.set("createGroup");
|
|
|
|
@ -109,7 +110,8 @@ public class GroupManager {
|
|
|
|
|
String groupId = null;
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
|
|
checkGroupValidity(group);
|
|
|
|
|
if (!isValidGroupForContext(groupId))
|
|
|
|
|
throw new UserNotAuthorizedException("only VREManager can execute this operation");
|
|
|
|
|
|
|
|
|
|
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
|
|
|
|
|
|
|
|
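Review bot: In createGroup the new guard calls `isValidGroupForContext(groupId)`, but `groupId` is the local set to `null` just above the `try`, so the helper's `group.equals(expectedGroupId)` dereferences null and the request fails with a NullPointerException instead of an authorization decision. The replaced `checkGroupValidity(group)` checked the form parameter, so the line should read `if (!isValidGroupForContext(group))`. The message "only VREManager can execute this operation" also no longer matches the annotation, which now admits only `INFRASTRUCTURE_MANAGER_ROLE`. The method body continues outside the hunk, so how the exception is caught is not visible here.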
@ -134,7 +136,7 @@ public class GroupManager {
|
|
|
|
|
|
|
|
|
|
@DELETE
|
|
|
|
|
@Path("{group}")
|
|
|
|
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
|
|
|
|
@AuthorizationControl(allowedRoles={INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class)
|
|
|
|
|
public String deleteGroup(@PathParam("group") String group){
|
|
|
|
|
|
|
|
|
|
InnerMethodName.instance.set("deleteGroup");
|
|
|
|
@ -142,7 +144,9 @@ public class GroupManager {
|
|
|
|
|
JackrabbitSession session = null;
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
|
|
checkGroupValidity(group);
|
|
|
|
|
if (!isValidGroupForContext(group))
|
|
|
|
|
throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation");
|
|
|
|
|
|
|
|
|
|
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
|
|
|
|
|
|
|
|
|
org.apache.jackrabbit.api.security.user.UserManager usrManager = session.getUserManager();
|
|
|
|
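Review bot: deleteGroup is now limited to `INFRASTRUCTURE_MANAGER_ROLE` by its annotation, yet the guard here still requires the current context to match the group and has no `isAdmin()` exemption like the one in addUserToGroup and removeUserFromGroup. As written, an Infrastructure-Manager can delete a group only when calling from inside that VRE's scope. If that is intended, say so in a comment such as `// deletion must be issued from within the VRE's own context, even by an Infrastructure-Manager`. The message "only VREManager of the selected VRE can execute this operation" should be reworded, since VRE-Managers are no longer admitted to this endpoint.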
@ -163,14 +167,17 @@ public class GroupManager {
|
|
|
|
|
if (session!=null)
|
|
|
|
|
session.logout();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return group;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
public boolean isAdmin() { return AuthorizationProvider.instance.get().getClient().getRoles().contains(INFRASTRUCTURE_MANAGER_ROLE); }
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@PUT
|
|
|
|
|
@Path("{id}")
|
|
|
|
|
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
|
|
|
|
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
|
|
|
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE, INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class)
|
|
|
|
|
public boolean addUserToGroup(@PathParam("id") String groupId, @FormParam("userId") String userId){
|
|
|
|
|
|
|
|
|
|
InnerMethodName.instance.set("addUserToGroup");
|
|
|
|
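Review bot: `isAdmin()` is added as a `public` one-liner on the resource class with no Javadoc, although it alone decides whether the per-VRE context check is bypassed in addUserToGroup and removeUserFromGroup. It should be `private` and documented, e.g. `/** True when the caller holds Infrastructure-Manager; such callers may manage membership of any VRE group. */`. The chain `AuthorizationProvider.instance.get().getClient().getRoles()` is dereferenced without null checks. Whether any link can be null is not visible here, but a failure there would surface as a NullPointerException rather than a denial.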
@ -179,7 +186,8 @@ public class GroupManager {
|
|
|
|
|
boolean success = false;
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
|
|
checkGroupValidity(groupId);
|
|
|
|
|
if (!isValidGroupForContext(groupId) && !isAdmin())
|
|
|
|
|
throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation");
|
|
|
|
|
|
|
|
|
|
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
|
|
|
|
|
|
|
|
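Review bot: The condition `!isValidGroupForContext(groupId) && !isAdmin()` lets an Infrastructure-Manager change membership of a group outside the current context, and nothing in this hunk records that the cross-context path was taken before the session is opened with admin credentials. Logging it when `isAdmin()` is what authorised the call would leave an audit trail, e.g. `log.info("cross-context membership change on group {} authorised by Infrastructure-Manager role", groupId);`. The same applies to the removeUserFromGroup hunk. The rest of the method is outside the hunk, so existing logging there may already cover this.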
@ -214,7 +222,7 @@ public class GroupManager {
|
|
|
|
|
|
|
|
|
|
@DELETE
|
|
|
|
|
@Path("{groupId}/users/{userId}")
|
|
|
|
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE}, exception=MyAuthException.class)
|
|
|
|
|
@AuthorizationControl(allowedRoles={VREMANAGER_ROLE, INFRASTRUCTURE_MANAGER_ROLE}, exception=MyAuthException.class)
|
|
|
|
|
public boolean removeUserFromGroup(@PathParam("groupId") String groupId, @PathParam("userId") String userId){
|
|
|
|
|
|
|
|
|
|
InnerMethodName.instance.set("removeUserFromGroup");
|
|
|
|
@ -223,7 +231,8 @@ public class GroupManager {
|
|
|
|
|
boolean success = false;
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
|
|
checkGroupValidity(groupId);
|
|
|
|
|
if (!isValidGroupForContext(groupId) && !isAdmin())
|
|
|
|
|
throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation");
|
|
|
|
|
|
|
|
|
|
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
|
|
|
|
|
|
|
|
@ -274,7 +283,8 @@ public class GroupManager {
|
|
|
|
|
List<String> users = new ArrayList<>();
|
|
|
|
|
try {
|
|
|
|
|
|
|
|
|
|
checkGroupValidity(groupId);
|
|
|
|
|
if (!isValidGroupForContext(groupId))
|
|
|
|
|
throw new UserNotAuthorizedException("only VREManager of the selected VRE can execute this operation");
|
|
|
|
|
|
|
|
|
|
session = (JackrabbitSession) repository.getRepository().login(CredentialHandler.getAdminCredentials(context));
|
|
|
|
|
|
|
|
|
@ -350,12 +360,10 @@ public class GroupManager {
|
|
|
|
|
return vreFolder;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private void checkGroupValidity(String group) throws UserNotAuthorizedException{
|
|
|
|
|
private boolean isValidGroupForContext(String group){
|
|
|
|
|
String currentContext = ScopeProvider.instance.get();
|
|
|
|
|
String expectedGroupId= currentContext.replace("/", "-").substring(1);
|
|
|
|
|
if (!group.equals(expectedGroupId))
|
|
|
|
|
throw new UserNotAuthorizedException("only VREManager can execute this operation");
|
|
|
|
|
|
|
|
|
|
return group.equals(expectedGroupId);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
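Review bot: `isValidGroupForContext` returns `group.equals(expectedGroupId)`, so a null `group` (createGroup currently passes one) throws instead of returning false; `return expectedGroupId.equals(group);` makes the check fail closed as a denial. `ScopeProvider.instance.get()` is also used without a null or empty check before `replace("/", "-").substring(1)`. If the scope can be unset on any request path, that case should return false as well. Because the helper no longer throws, every caller must test its result; a short Javadoc saying so, and stating that the expected id is the scope path with `/` replaced by `-` and the leading `-` dropped, would help future callers use it correctly.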